IT Troubleshooter | Harper Mann » Man-Made Security Woes

June 27, 2006

Man-Made Security Woes

In enterprise IT, all sorts of suffering happens in the good name of security. As an end user, it's really hard to know what you need to do and don't need to do -- and often the processes and technology in place are merely illusory feel-goods.

For example, most login systems will kick a user off after three tries. But what's the difference between getting kicked out after three tries, after four tries, or after 100 tries? There's no sound statistical reasoning behind the number three, and it's perceived security rather than real security. But what's very real is the inconvenience for fumble-fingered people like me who get locked out all the time after three mis-types in a row, and the help desk guy/gal's time as they reset the password and get the user back on the system.

Then you have the joy of the randomly generated password. Yes, it is the strongest password that you can create. But I can't remember a randomly generated password with tildes and other weird diacritical marks. So I've got 300 passwords on a PC, and I guess if anyone ever guesses the password to that one, I'm hosed.

Almost all of us have experienced virus attacks on email systems (either directly, or via a bunch of spam sent by an associate's email system going bonkers). But I've never heard of anyone actually breaking into a firewall that didn't already have the password to the firewall. And doesn't it seem like every time you hear about a massive customer data theft (like AIG's recent one), it's a matter of a burglar going into the physical location and stealing the actual hardware?

And for all the firewalls and intrusion detection systems that are built, there's a definite pain in managing and fine-tuning these systems.

In a recent VARBusiness article, George Hulme teed up the market opportunity for solution providers targeting security configuration. It would seem that customers (even with as few as ten or so servers and a few routers) are finding it prohibitively complex to configure and maintain their systems over time.

Hulme quotes one Gartner analyst who says that 99 percent of external hacks are exploiting system configurations, and quotes another who says: "Customers are always changing and adopting new applications ... [S]ome have thousands and thousands of services, and they just can't get their hands around how many servers they actually have deployed, or the functional relationships between servers."

Posted by Harper Mann on June 27, 2006 10:43 AM


COMMENTS
What's the difference between 3 tries and 100? Are you kidding??

OK, so 3 is a bit arbitrary. Some systems I support allow more than 3 tries.

Clearly the fact that there's a limit is designed to prevent brute-force and dictionary-based password attacks. Setting the limit to a "low" number also severely limits intelligent guessing.

The fundamental reasoning is that an authorized client knows their own password. Even if they get the Caps Lock key wrong, or use the password from a different system, or use an expired password, or suffer from Fat Fingers Syndrome.

They only need a small number of attempts to correct any problems they have. And if that fails, then an authorized client should not have difficulty calling to get assistance.

So 3 attempts might be too low. That depends upon the system, the potential security exposures, and the nature of the client base.

Posted by: Brian at June 28, 2006 08:57 AM
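The post asks what a limit of 3 buys over a limit of 100, and the comment above answers that the limit exists to cap online guessing. The following is an added example, not code from InfoWorld or from either writer, that makes both halves concrete: an analytic estimate of how many accounts an ordered-guess attacker opens under a given failed-attempt threshold, and a small per-account lockout guard that enforces one. The guess list, the Zipf popularity model, the 30% "guessable" share and the 10,000-entry dictionary size are all constructed assumptions chosen to illustrate the shape of the result, not measurements; the PBKDF2 iteration count is kept low so the demo runs quickly.

```python
"""Failed-login limits: what the threshold number actually buys.

Added example for the discussion above; not code from InfoWorld or the
commenters.  All password data and distribution parameters are constructed.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed guess list, most to least common.  Stand-in for a
# breach-derived frequency list; entries and ordering are made up.
GUESS_LIST = ["123456", "password", "qwerty", "letmein", "welcome1",
              "Summer2006", "monkey", "dragon", "baseball", "football"]


def zipf_weights(n: int, s: float = 1.0) -> list:
    """Normalised rank-frequency weights 1/rank**s for ranks 1..n."""
    raw = [1.0 / rank ** s for rank in range(1, n + 1)]
    total = sum(raw)
    return [w / total for w in raw]


def compromise_fraction(limit: Optional[int], dictionary_size: int = 10_000,
                        dictionary_share: float = 0.3) -> float:
    """Expected fraction of accounts opened when each account tolerates
    `limit` wrong guesses (None = no limit) and the attacker guesses in
    popularity order.  Model assumption (constructed): `dictionary_share`
    of users chose one of `dictionary_size` guessable passwords with
    Zipf-distributed popularity; the remaining users are never guessed.
    """
    weights = zipf_weights(dictionary_size)
    tries = dictionary_size if limit is None else min(limit, dictionary_size)
    return dictionary_share * sum(weights[:tries])


@dataclass
class LoginGuard:
    """Per-account consecutive-failure counter with a timed lockout."""
    max_failures: int = 3
    lockout_seconds: float = 900.0
    _creds: dict = field(default_factory=dict)         # user -> (salt, hash)
    _failures: dict = field(default_factory=dict)      # user -> consecutive failures
    _locked_until: dict = field(default_factory=dict)  # user -> monotonic deadline

    @staticmethod
    def _derive(salt: bytes, password: str) -> bytes:
        # Iteration count kept low so the demo runs quickly; raise it in practice.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[user] = (salt, self._derive(salt, password))

    def login(self, user: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'bad' or 'locked'.  A correct password is refused
        while the account is locked; that refusal is what stops the guesser."""
        now = time.monotonic() if now is None else now
        if self._locked_until.get(user, 0.0) > now:
            return "locked"
        salt, expected = self._creds.get(user, (b"\x00" * 16, b"\x00" * 32))
        # Unknown users cost the same hashing work and get the same answer as
        # a wrong password, so the guard does not leak which names exist.
        derived = self._derive(salt, password)
        ok = user in self._creds and hmac.compare_digest(derived, expected)
        if ok:
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures.pop(user, None)  # counter restarts after the lockout
        return "bad"


def run_guesser(guard: LoginGuard, user: str, guesses: list,
                now: float = 0.0) -> tuple:
    """Try `guesses` in order against one account.  Returns (opened, evaluated):
    whether the account was opened and how many guesses the server actually
    checked before refusing further attempts."""
    evaluated = 0
    for guess in guesses:
        result = guard.login(user, guess, now=now)
        if result == "locked":
            break
        evaluated += 1
        if result == "ok":
            return True, evaluated
    return False, evaluated


if __name__ == "__main__":
    for limit in (3, 10, 100, None):
        print(f"limit={str(limit):>4}: {compromise_fraction(limit):.1%} of accounts opened")
    for max_failures in (3, 100):
        guard = LoginGuard(max_failures=max_failures)
        guard.register("harper", "football")  # rank 10 in GUESS_LIST
        print(f"max_failures={max_failures}: {run_guesser(guard, 'harper', GUESS_LIST)}")
```

Under the constructed model the threshold matters, but less than the gap between any limit and none: 3 guesses per account opens about 6% of accounts, 100 opens about 16%, and no limit opens every guessable account (30%). The guard shows the mechanism: with `max_failures=3` the attacker's run against a user whose password sits at rank 10 is cut off after three checks, while with `max_failures=100` the same run succeeds on the tenth guess. Note the design choice that the lockout also refuses the correct password until the window expires; that is the inconvenience the post complains about, and it is inseparable from the protection.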

I have been trying with all I have to find someone who can tell me whether the technology is available to text or email from desktop to wireless, and if not, why, when you can go from wireless to desktop.

Posted by: joeyiengst at June 30, 2006 09:12 AM
